I Introduction
Spurred by grid modernisation efforts, the adoption rate of advanced metering infrastructure (AMI) using smart meters (SMs) has risen steadily across the globe in recent years. On one hand, this enables the development of efficient data-driven grid operation and management methods [1]. On the other hand, the high-frequency measurement data provided by AMI can be used to derive the private information of consumers, such as their lifestyle habits, occupation, and religious inclinations [2, 3, 1]. This has led to concerns about privacy risks, and to work on quantifying and mitigating these risks, such as [4, 5, 6, 7, 8]. Two main families of privacy protection schemes for consumers with SMs exist, namely smart meter data manipulation (SMDM) schemes, and user demand shaping (UDS) schemes [9].
SMDM schemes modify the SM data before it is transmitted, and include consumer aggregation [10, 11], consumer anonymisation [12, 13], and differential privacy based addition of noise [14]. However, these methods require trusted third parties, either in the processing of the data, or in the supply and installation of SMs with privacy-preserving firmware. UDS methods, on the other hand, physically alter the energy consumption profile of the consumers recorded by SMs (grid load), such that it no longer reveals the private information contained in the underlying privacy-sensitive consumer load (sensitive load). This is achieved by actively controlling loads to shape the grid load profile, ideally decoupling it from the sensitive load profile. UDS methods can typically be implemented behind-the-meter, which avoids the need for a trusted third party.
UDS methods can be split into those using energy storage systems (ESSs), and those controlling flexible consumer loads. Fig. 1 illustrates a possible system setup for UDS methods, which is governed by the following equation:
(1) 
There are numerous recent works using ESSs, e.g., load levelling [5], limiting the load profile to distinct steps [6], and directly minimising an approximation of mutual information (MI) [8]. However, UDS methods utilising flexible consumer loads are scarce in the literature. One such UDS scheme, proposed in [15], utilises the flexible consumer loads to hide occupancy by using artificial signature injection and partial load flattening. The authors then verify their scheme by testing the resultant load profiles on a few occupancy detection algorithms. In [16], optimised electric vehicle charging and an electric furnace are used to obscure recoverable information from non-intrusive load monitoring (NILM) techniques. Notwithstanding, the use of flexible consumer loads for general privacy protection irrespective of the adversarial model is not well studied.
With the development of grid communications infrastructure and the proliferation of smart appliances, there are also considerable advances in home energy management systems (HEMSs) that enable the coordination and scheduling of home appliances. HEMSs allow for the optimisation of residential electricity consumption patterns in order to improve efficiency, economics, and the reliability of residential buildings with regard to their role in the grid and occupant comfort [17]. Given increasing interest in HEMSs and the ubiquity of flexible consumer loads, this paper explores the use of HEMSs to control flexible consumer loads in order to mask the private information contained in the grid load about the sensitive load.
The rest of this paper is structured as follows: Section II provides a brief overview of privacy for consumers with smart meters and the use of flexible consumer loads for privacy protection; Section III provides an analytical comparison between consumer privacy protection using ESSs and FTLs; Section IV details the controller design of a HEMS for comparison of realistic systems; Section V presents numerical results; and Section VI concludes the paper.
II Consumer Privacy Protection using Flexible Consumer Loads
One measure of consumer privacy is the mutual information (MI) between the sensitive load and the grid load [4, 7], which measures the amount of information reveals about and vice versa. The MI between and
, which are random processes, can be given as the average MI between the random variables
and that make up the processes [7, 18], i.e.,(2) 
where is the MI between the random variables and , and is the number of random variable pairs. This concept of average MI will be used in Section III for the analysis of consumer privacy protection.
Given two random variables and
, the MI between them is given by a function of their joint probability distribution function (PDF)
, and marginal distributions, , and. These PDFs are typically unknown, and must be estimated. Assuming that multiple samples of
and are available, the PDFs can be estimated using the histogram method. Hence, only for the purpose of estimating these PDFs, assume that the protected and grid loads have finite support, i.e., , and . Then, the MI between and can be given as (3) 
where denotes the probability of , and is the base-2 logarithm. As and are continuous in reality, the estimates become more accurate with an increase in and ; but this also requires more samples to prevent overfitting.
In order to minimise leakage of privacy-sensitive information, it follows that one needs to minimise the MI between the sensitive and grid loads. This can be done either using UDS or SMDM methods as described in Section I, using either ESSs or flexible consumer loads.
The term flexible consumer loads includes thermal loads such as hot water heaters and space conditioning, schedulable loads such as clothes and dish washers, and interruptible loads such as the charging of electric vehicles. Flexible consumer loads can be classified into the following categories:

1) The flexible loads are not privacy-sensitive, i.e., their usage does not reveal privacy-sensitive information about the consumer, nor is their presence in a household considered sensitive private information.

2) The flexible loads are privacy-sensitive with regard to their time-of-use, but not their presence in the household.

3) The flexible loads are privacy-sensitive, i.e., both their time-of-use and presence in a household reveal sensitive private information.

There are no privacy issues arising from their usage if the flexible loads are of the first category. For loads of the second category, using them to mask the sensitive load inherently also masks the private information they reveal: their time-of-use is shifted and thus, the private information revealed by their original time-of-use is masked. However, if the flexible loads are of the third category, then the privacy-protection problem also needs to consider whether the resulting grid load is able to mask the electrical signature of the flexible loads, i.e., whether the sensitive load is able to sufficiently distort the signatures of the flexible loads.
In this paper, we consider the use of flexible consumer loads within the first two categories in UDS privacy-protection schemes. Moreover, we limit our analysis to flexible thermal loads (FTLs) because they are able to “store” thermal energy and are more likely to be interruptible than other flexible consumer loads, such as washing machines, that have minimum cycle times. Inductive FTLs such as heat pumps have complex on/off cycles and electrical signatures, making the analysis of their effectiveness in privacy protection complicated. Hence, in order to draw meaningful conclusions, we will focus on resistance-based FTLs, such as electric-resistance water heaters and electric-resistance space heaters. In the next section, we will compare the theoretical performance of ESS-based UDS schemes against those using FTLs.
III Comparing Privacy Protection using Energy Storage Systems and Flexible Thermal Loads
Setting aside the distinctive constraints of both ESSs and FTLs, the privacy protection afforded by them for UDS differs in one key aspect: ESSs are able to both charge and discharge, i.e., increase or decrease grid load; while traditional residential FTLs are only able to “charge”; i.e., they can draw power from the grid, but typically cannot provide power back to the grid.
Let be the entropy function, with being the probability of the variable and being minimal when the outcome is certain, and maximal when the underlying distribution is uniform. Additionally, assume that the following is true:

(1) No energy wastage is permitted.

(2) The power ratings of the ESS and FTL are sufficiently large to compensate for the difference between the maximum and minimum consumer load, i.e., .

(3) The controller has perfect knowledge of the efficiency curves of the ESS and FTL.

(4) The controller has perfect knowledge of the consumer load and its average .

(5) The ESS has infinite energy storage capacity.

(6) Either the FTL has infinite thermal storage capacity, or it holds for the average electrical equivalent of the consumer thermal demand that .

(7) The FTL demand is continuous, i.e., it is not a step-load.

(8) Both ESS and FTL have an initial state-of-charge of .

Using MI as a measure of privacy, the differences in achievable privacy protection by both technologies are discussed in the remainder of this section.
III-A The Loads are Independent and Identically Distributed
Let the random variable pair , and its marginals and be independent and identically distributed (i.i.d.), then by definition, MI, can also be written as a function of their Shannon entropies,
(4) 
Proposition 1.
is minimal when is minimal, i.e., when is minimal.
Proof.
The distribution of the consumer load is uncontrollable, nonuniform, and the number of outcomes with nonzero probability is nonsingular, i.e., . Hence, is greater than zero. Since is nonuniform, as is nonuniform, is limited by the given . Therefore, is minimal when is minimal, i.e., when is minimal, where , instead of when is maximal. ∎
For the rest of the paper, we denote the realisations of the random variables with lowercase letters, as the average value of , as the minimum value that can take, and as its maximum value.
It would be trivial to see that perfect privacy, can be achieved by maintaining a constant grid load, , where . Let the grid load achieved using the ESS be denoted by and that of FTL by , then there exists and such that . While can be any arbitrary value , there is less flexibility for , with . Nonetheless, the theoretical maximum privacy can be achieved by both technologies.
In reality, storage capacity is finite, and for most consumers, it would be unreasonable to assume that the system is undersized, i.e, , where is the electrical equivalent of the average power consumption required in order to maintain consumer comfort. Therefore, assumptions 5 and 6 are made more stringent such that the storage capacity is finite, but sufficiently large to average out consumer load (or thermal demand) over a finite period of time. Additionally, average thermal demand is now assumed to be large, but less than the FTL power rating and that . For ESSs, the controller would now need to select a constant grid load such that , where is the round trip loss of the ESS. This allows a constant that does not empty or fully charge the ESS. As it would be possible to sustain indefinitely, . For FTLs, it follows that . Assume that is still minimised by actuating whenever possible. In this case, we now also have . Let be the total number of samples, and the number of instances where , then
(5a)  
(5b) 
where (5b) follows from the fact that and . Thus, as , i.e., privacy loss using FTLs for UDS schemes is, under the given assumptions on equivalent storage size, greater than that using ESSs.
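The comparison in this subsection can be checked numerically. The Python sketch below is an added example, not code from the paper: it uses a standard histogram plug-in MI estimate (i.i.d. treatment, base-2 logarithm) on a constructed 24-hour load, with an idealised lossless ESS that holds a flat grid load and a charge-only FTL that fills up to a flat level limited by a daily thermal demand budget. The load values, bin count, histogram support, budget and the simple fill-to-level FTL behaviour are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed hourly sensitive load for one day, in watts (not measured data).
SENSITIVE_W = [300, 300, 200, 200, 300, 500, 1200, 1800, 1000, 600, 500, 600,
               900, 700, 500, 500, 800, 1500, 2400, 2800, 2000, 1200, 600, 400]
LOAD_MAX_W = 3000          # assumed upper end of the histogram support
BINS = 6                   # assumed number of histogram bins for both loads
THERMAL_BUDGET_WH = 12000  # assumed daily thermal demand (electrical equivalent)


def bin_index(value_w, bins=BINS, max_w=LOAD_MAX_W):
    """Fixed-width bin of an integer watt value on [0, max_w)."""
    return min(max(value_w * bins // max_w, 0), bins - 1)


def histogram_mi_bits(sensitive, grid):
    """Plug-in estimate of the MI in bits between paired samples, treating
    them as i.i.d. and estimating the PDFs with histograms."""
    n = len(sensitive)
    joint = Counter((bin_index(x), bin_index(y)) for x, y in zip(sensitive, grid))
    px, py = Counter(), Counter()
    for (i, j), c in joint.items():
        px[i] += c
        py[j] += c
    return sum((c / n) * math.log2(c * n / (px[i] * py[j]))
               for (i, j), c in joint.items())


def ess_grid_load(sensitive):
    """Storage that can charge and discharge: hold the grid load at the mean
    (lossless storage with sufficient capacity is assumed)."""
    level = math.ceil(sum(sensitive) / len(sensitive))
    return [level] * len(sensitive)


def ftl_flat_level(sensitive, thermal_budget_wh):
    """Highest flat level (W) a charge-only load can hold, with hourly
    samples, before the energy it absorbs exceeds the thermal budget."""
    lo, hi = min(sensitive), max(sensitive)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        absorbed = sum(max(mid - x, 0) for x in sensitive)
        if absorbed <= thermal_budget_wh:
            lo = mid
        else:
            hi = mid - 1
    return lo


def ftl_grid_load(sensitive, thermal_budget_wh):
    """Charge-only masking: fill up to the flat level; the device cannot pull
    the grid load below the sensitive load, so peaks show through."""
    level = ftl_flat_level(sensitive, thermal_budget_wh)
    return [max(x, level) for x in sensitive]


if __name__ == "__main__":
    cases = {
        "unprotected": SENSITIVE_W,
        "ESS (flat)": ess_grid_load(SENSITIVE_W),
        "FTL (charge-only)": ftl_grid_load(SENSITIVE_W, THERMAL_BUDGET_WH),
    }
    for name, grid in cases.items():
        print(f"{name:18s} MI = {histogram_mi_bits(SENSITIVE_W, grid):.3f} bits")
```

The FTL leakage comes entirely from the hours in which the sensitive load exceeds the flat level; raising the thermal budget until the level reaches the peak load brings the estimate to zero.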
III-B The Loads are First-Order Markov Processes
The random variables , , and are not i.i.d. in reality, and could be better modelled using first-order Markov processes, of which the MI, [7] is given by
(6) 
Expressing (6) in terms of entropy,
Note that if the random variables , , and are higher-order Markov processes, then (6) forms the upper bound on the actual MI [7]. As ,
It is trivial to see that Proposition 1 still holds, and that is minimal when the entropy of is minimal. Moreover, when assumptions (a) to (g) hold, then both and are minimal and equal to zero. Now, assume that the Markov processes , , and are also stationary, i.e., , , , , and that assumptions 5 and 6 are made more stringent as in the i.i.d. case. Then, , while
where the function gives the number of instances where or , the number of instances where , the number of instances where , and [7]. As , , and (because and are not perfectly correlated), therefore, .
III-C Privacy Protection for Actual Systems
For actual systems, the load distributions vary according to the consumer household’s state, and their characterisation is the subject of much research. Despite this, consumer privacy is protected if one can achieve a “flat” grid load that has zero entropy, i.e., zero MI between the sensitive and grid loads. While assumptions 4 and 7 do not hold in reality, it would be possible to implement systems with sufficient storage capacity to average out consumer load (thermal demand). For ESS-based schemes, one would be able to select close to , given a sufficiently large sample size, as the accuracy of the consumer load sample mean as . In addition to , the achievable privacy protection of FTL-based UDS schemes is also dependent on and the ratio of to , which are usually fixed and directly affect the number of instances when . Note that a larger to ratio would require a larger to achieve the same level of privacy protection and vice versa. It would be difficult to compare the performance of actual ESS- and FTL-based UDS privacy protection schemes, especially since there is a lot of uncertainty in the system parameters for FTLs. Even so, given the analysis above, the additional dependencies of FTL-based schemes (stochastic thermal demand and dependencies on the ambient environment), and the fact that most FTLs are step-loads, properly designed ESS-based schemes should outperform their FTL-based counterparts.
IV Formulation of the Optimisation Problem for Numerical Experiments
We compare the performance of privacy protection using ESSs and FTLs in realistic systems by simulating a multi-objective model predictive control based HEMS controller. For FTLs, we analyse the use of electric hot water heaters (EWHs) and electric resistance space heaters (ERHs), as they better match the analysis in Section III compared to other FTL types. In this section, the modelling of the ESS and FTLs, the formulation of the privacy objective, and the overall optimisation problems used in the HEMS controllers are presented.
IV-A Privacy Objective
To verify the analysis in Section III, we adopt a privacy objective function that directly minimises an approximation of (3). This MI approximate, as proposed in [8], assumes that and are i.i.d., and is given by:
(7) 
at time , where is the prediction horizon, , , and are constants used in the estimation of the PDFs , and , is the total number of observations used in the estimate, and
are binary variables used to estimate the PDFs. See
[8] for details on its derivation. Here, we relax binary variables , i.e., let , in order to make (7) a convex function, and overcome the scalability issues identified in [8]. This relaxation affects the performance of the controller in terms of minimising MI, but this is outside the scope of this paper. The following constraints are required in the optimisation of (7):(8)  
(9)  
(10) 
where is the index corresponding to the given value of , , , and constraint (10) links the grid load to the MI approximate.
IV-B Modelling of an ESS
Two variables and are used to model the instantaneous charging and discharging powers of the ESS, respectively, in order to capture the different efficiencies during charge and discharge. Additionally, a binary variable is introduced to prevent the simultaneous charging and discharging of the ESS. Let be the energy remaining in the ESS at time , the following constraints are used to model the ESS in the optimisation problem:
(11)  
(12)  
(13)  
(14)  
(15) 
where and are the charging and discharging efficiencies of the ESS, respectively, and is the interval of .
IV-C Modelling of an Electric Hot Water Heater
The thermodynamics in a hot water tank can be modelled by splitting the tank into several sections (nodes). A two-node EWH model proposed in [19] is adopted in order to better capture the thermodynamics of a real device. As the original model was developed for an electric heat pump, we modify it by replacing the coefficient of performance (COP) with one. Also, we assume a temperature deadband of C around the temperature setpoint. This water heater model is given by the following constraints in the optimisation problem:
(16)  
(17)  
(18)  
(19)  
(20)  
(21) 
where superscripts and represent the values for the lower and upper nodes of the tank, respectively. is the water temperature of the node, is the indoor air temperature, is the hot water draw, and is the duty cycle of the EWH tank node at time . Also, is the thermal capacitance of the tank node, is the heat loss coefficient of the node, is the heat capacity of water, is the mains water temperature, is the rated power of the EWH, is the minimum water temperature required for safety (to mitigate Legionella bacterium growth in pipework), and is the maximum permissible water temperature of the EWH. Furthermore, to take into account consumer comfort, variables with constraints:
(22)  
(23) 
are introduced to penalise deviations from consumer setpoints for the EWH water .
IV-D Modelling an Electric Resistance Space Heater
To model the dynamics of the space heating system, a data-driven model proposed in [20] is adopted. Similarly, we replace the coefficient of performance (COP) with one, to match the ERH. The model coefficients are derived by using statistical learning on data recorded from actual heating systems. The following constraint captures the dynamics of the system
(24) 
where , and are parameters learned from data, and are the indoor and outdoor temperatures at time , respectively, is the ERH duty cycle, is the solar irradiance at time , and is the rated power of the ERH. Similar to the EWH, the proxy comfort variables are used to penalise deviations from consumer setpoints. However, as deviations in indoor temperature affect consumer comfort to a higher degree than hot water temperatures, deviations (per C) are penalised with a larger coefficient:
(25)  
(26) 
where is the consumer indoor temperature setpoint.
IV-E Optimisation Problem for ESS-based HEMS Controller
For the ESS-based HEMS controller, the following objective function is used:
(27) 
where is the cost of energy, is the price-of-privacy-loss, and the set enforces constraints (1), and (8) to (15).
The inclusion of the energy costs penalises the charging of the ESS during high-price periods, and when coupled with lower prices-of-privacy-loss, discourages multiple charge-discharge cycles within a day. This allows a better comparison with FTL-based systems, which cannot “discharge”, and hence have equivalent energy storage capacities limited by the average daily thermal demand and system losses.
IV-F Optimisation Problems for FTL-based HEMS Controller
In addition to the energy costs, the optimisation objective for FTLs should also minimise consumer comfort violations. We minimise , which imposes larger penalties for larger comfort violations. Thus, the optimisation problem for an EWH based HEMS controller is given by
V Numerical Experiments
House 23618 from the Residential Building Stock Assessment database [21] was used for the numerical simulations. This house is based in Emmett, Idaho, USA, which has a semi-arid climate with cold winters and multiple heating-days. Weather data with 5-minute resolution from Boulder, Colorado, USA, which has a similar climate, was used in the simulations. The HEMS controllers from Section IV were simulated for 180 heating-days with hourly resolution using MATLAB 2018a and the Gurobi 8.1.0 optimisation solver.
For simplicity, we assume that the incoming water supply temperature is constant, and that and , which can be time-dependent, are also constant. Moreover, for ease of comparison, we assume that the controller has perfect knowledge of the sensitive load across the prediction horizon, and that the models used in the controller accurately represent the actual systems. The equivalent energy storage capacity of an FTL is hard to estimate, depends on many stochastic parameters such as weather conditions and consumer behaviour, and remains an ongoing field of research. For the simulations, we assumed that this capacity is given by the average daily thermal demand of the household over the simulation period, considering the simulation setup and assumptions. The general simulation parameters are given in Table I, while Table II gives the system-specific parameters. For the FTL-based controllers, .
Prediction horizon, :  

:  
Number of Bins, :  
Number of Bins, :  
Energy Price (peak):  cents/kWh 
Energy Price (offpeak):  cents/kWh 
Minimum grid load, :  kW 
Maximum grid load, :  kW 
ESS  EWH  ERH  
Equivalent storage cap.:  kWh  kWh  kWh 
Power rating:  kW  kW  kW 
Efficiency/COP:  
Absolute min. temp.:    C   
Absolute max. temp.:    C   
Consumer setpoint:    C  C 
Mains water temp.:    C   
Water heat cap., :    kJ/K   
:    kJ/K   
:    kJ/K   
Therm. coeff., :    e4 kW/K   
Therm. coeff., :    e4 kW/K   
:      e2 
:      e1 
:      e1 
The majority of EWHs and ERHs that are currently installed are step loads. Hence, to better match realistic systems, the continuous duty-cycles from the hourly HEMS controllers were also converted into 5-minute on-off cycles by a secondary controller. This controller attempts to match the HEMS’ duty cycle, whilst also enforcing the FTL constraints in Section IV at 5-minute resolution. To further explore the privacy protection of both ESS- and FTL-based systems, HEMS controllers that do not consider energy costs were also simulated.
Fig. 2 shows the load profiles from an ESS-based system and an EWH-based system with discretised control actions (5-minute simulation interval), with , and considering energy costs. As illustrated, the reduced flexibility of the EWH-based system limits its ability to mask the sensitive load, resulting in more instances where the sensitive load is revealed, e.g., around time steps to . The ESS is also shown to have a single charge-discharge cycle within 24 hours. Here, is maximised instead as it was impossible to achieve minimal . Quantitatively, the privacy leakage of the various systems was assessed by first treating the loads as i.i.d. (IID MI) processes, and then as stationary first-order Markov processes (Markov MI), using the MI estimation methods described in [18]. It is important to note that the MI estimation methods assume that the FTLs are not privacy-sensitive, i.e., the privacy leakage from the FTL use is not considered. This is particularly important when interpreting the results when and energy cost is not considered in the objective function. Table III summarises the MI estimates from the various systems.
Both the ESS and EWH systems reached their privacy protection limit without sacrificing the other objectives with . As seen, the ESS system has less than half the privacy leakage compared to the EWH system with . Without considering energy costs, it can be seen that the ESS achieves much lower MI values, while there is only marginal improvement for the EWH due to comfort considerations. With a maximum water draw of l within an hour from the l hot water tank, there is insufficient flexibility when using the EWH to protect privacy with a C deadband. The marginal increase in MI for the ESS without energy costs is due to the binary variables (multiple solution candidates). Moreover, at hourly simulation intervals, the EWH model is inaccurate, as can be seen from the step load versus non-step load EWH simulations. The actual operation of the EWH differs from the solution of the hourly control actions, as the system dynamics require the secondary controller to make minor adjustments in order to prevent constraint violations (e.g. more accurate water mixing and loss modelling). Hence, in reality one should use models that better represent the continuous dynamics of the thermal system, but that is beyond the scope of this paper. The minor adjustments by the secondary controller eventually led to a minor reduction in MI in most cases, but that is coincidental.
Even when combining the EWH with an ERH, the privacy protection afforded still falls below that of the ESS with a fraction of storage capacity for . More importantly, the use of the ERH for privacy entails a significant Markov MI increase, due to the time-correlated dynamics of the system. The limitation of the ERH in providing more privacy protection again lies in the fact that the temperature deadband is C, limiting flexibility, even when energy costs are ignored. This deadband prevents overheating the space or letting it cool below comfortable levels. Note that there is a very low IID MI when for the combined EWH and ERH system. This is due to the fact that coincidentally, the period when there is high space heating demand is also the period with high private information leakage (occupied and low-load night periods); and that the ERH usage is assumed to not reveal private information.
While there is substantial MI reduction for all systems even with (the entropy / MI for the sensitive load is bits), if the EWH and ERH usage is privacy-sensitive, then at , the EWH and ERH profiles are unprotected and fully reveal the information contained by their usage.
| | IID MI | Markov MI | IID MI | Markov MI | IID MI | Markov MI |
|---|---|---|---|---|---|---|
| ESS with energy costs | 0.565 | 0.709 | 0.286 | 0.678 | 0.287 | 0.653 |
| ESS without energy costs | | | 0.149 | 0.672 | 0.154 | 0.671 |
| Step load EWH with energy costs | 0.656 | 0.859 | 0.655 | 0.837 | 0.647 | 0.823 |
| Step load EWH without energy costs | 0.658 | 0.831 | 0.633 | 0.817 | 0.633 | 0.817 |
| Non-step load EWH with energy costs | 0.791 | 0.941 | 0.693 | 0.870 | 0.679 | 0.864 |
| Non-step load EWH without energy costs | 0.813 | 0.915 | 0.628 | 0.821 | 0.628 | 0.824 |
| Step load EWH and ERH with energy costs | 0.367 | 1.062 | 0.362 | 1.066 | 0.362 | 1.080 |
| Step load EWH and ERH without energy costs | 0.136 | 0.788 | 0.326 | 1.214 | 0.326 | 1.208 |
VI Conclusions and Future Outlook
In this paper, we studied the use of resistive FTLs for consumer privacy protection using UDS methods. Theoretical analysis shows that due to the fact that FTLs cannot compensate sensitive load by “discharging”, the level of protection afforded by them is below that of ESSs. Moreover, as seen from numerical experiments, the inflexibility of these systems due to the time-specific nature of thermal demand limits their performance, unless one allows for large temperature fluctuations or uses largely oversized systems. Nonetheless, controllable FTLs are able to afford some level of privacy protection, and should be utilised for privacy protection given their increasing ubiquity in households. Future work will consider the use of inductive loads and loads with interruptible, but fixed cycle lengths.
References
 [1] E. McKenna, I. Richardson, and M. Thomson, “Smart meter data: Balancing consumer privacy concerns with legitimate applications,” Energy Policy, vol. 41, pp. 807–814, Feb. 2012.
 [2] P. McDaniel and S. McLaughlin, “Security and privacy challenges in the smart grid,” IEEE Security and Privacy, vol. 7, no. 3, 2009.
 [3] A. Molina-Markham, P. Shenoy, K. Fu, E. Cecchet, and D. Irwin, “Private memoirs of a smart meter,” in Proceedings of the 2nd ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Building, Zurich, Switzerland, 2010, pp. 61–66.
 [4] L. Sankar, S. R. Rajagopalan, S. Mohajer, and H. Poor, “Smart meter privacy: A theoretical framework,” IEEE Transactions on Smart Grid, vol. 4, no. 2, pp. 837–846, 2013.
 [5] S. McLaughlin, P. McDaniel, and W. Aiello, “Protecting consumer privacy from electric load monitoring,” in Proceedings of the 18th ACM conference on computer and communications security (CCS ’11), Chicago, Illinois, USA, 2011, pp. 87–98.
 [6] W. Yang, N. Li, Y. Qi, W. Qardaji, S. McLaughlin, and P. McDaniel, “Minimizing private data disclosures in the smart grid,” in Proceedings of the 19th ACM conference on computer and communications security (CCS ’12), Raleigh, North Carolina, USA, 2012, p. 415.
 [7] O. Tan, J. Gomez-Vilardebo, and D. Gündüz, “Privacy-cost trade-offs in demand-side management with storage,” IEEE Transactions on Information Forensics and Security, vol. 12, no. 6, pp. 1458–1469, 2017.
 [8] J. X. Chin, T. Tinoco De Rubira, and G. Hug, “Privacy-protecting energy management unit through model-distribution predictive control,” IEEE Trans. on Smart Grid, vol. 8, no. 6, pp. 3084–3093, 2017.
 [9] G. Giaconi, D. Gündüz, and H. V. Poor, “Smart meter privacy with renewable energy and an energy storage device,” IEEE Trans. on Information Forensics and Security, vol. 13, no. 1, pp. 129–142, 2018.
 [10] D. Koo, Y. Shin, and J. Hur, “Privacy-preserving aggregation and authentication of multi-source smart meters in a smart grid system,” Applied Sciences, vol. 7, no. 10, Sept. 2017.
 [11] M. A. Mustafa, S. Cleemput, A. Aly, and A. Abidin, “A secure and privacy-preserving protocol for smart metering operational data collection,” IEEE Trans. on Smart Grid, 2019, to be published.
 [12] C. Efthymiou and G. Kalogridis, “Smart grid privacy via anonymization of smart metering data,” in 2010 First IEEE International Conference on Smart Grid Communications, Gaithersburg, MD, USA, Oct. 2010.
 [13] C. Rottondi, G. Mauri, and G. Verticale, “A data pseudonymization protocol for smart grids,” in 2012 IEEE Online Conference on Green Communications (GreenCom), Sept. 2012.
 [14] M. U. Hassan, M. H. Rehmani, R. Kotagiri, J. Zhang, and J. Chen, “Differential privacy for renewable energy resources based smart metering,” Journal of Parallel and Distributed Computing, vol. 131, Sept. 2019.
 [15] D. Chen, S. Kalra, D. Irwin, P. Shenoy, and J. Albrecht, “Preventing occupancy detection from smart meters,” IEEE Transactions on Smart Grid, vol. 6, no. 5, pp. 2426–2434, 2015.
 [16] K. Baker and K. Garifi, “Power signature obfuscation using flexible building loads,” in International Workshop on Non-Intrusive Load Monitoring (NILM), Austin, TX, USA, Mar. 2018.
 [17] B. Zhou, W. Li, K. W. Chan, Y. Cao, Y. Kuang, X. Liu, and X. Wang, “Smart home energy management systems: Concept, configurations, and scheduling strategies,” Renewable and Sustainable Energy Reviews, vol. 61, pp. 30–40, 2016.
 [18] J. X. Chin, G. Giaconi, T. Tinoco De Rubira, G. Hug, and D. Gündüz, “Considering time correlation in the estimation of privacy loss for consumers with smart meters,” in 2018 Power System Computation Conference (PSCC), Dublin, Ireland, June 2018.
 [19] X. Jin, J. Maguire, and D. Christensen, “Model predictive control of heat pump water heaters for energy efficiency,” in 2014 ACEEE Summer Study on Energy Efficiency in Buildings, Pacific Grove, CA, Aug. 2014.
 [20] X. Jin, K. Baker, D. Christensen, and S. Isley, “Foresee: A user-centric home energy management system for energy efficiency and demand response,” Applied Energy, vol. 205, pp. 1583–1595, Nov. 2017.
 [21] Ecotope Inc., “Residential building stock assessment: Metering study,” Northwest Energy Efficiency Alliance, Tech. Rep. E14283, 2014. [Online]. Available: https://neea.org/img/documents/residentialbuildingstockassessmentmeteringstudy.pdf